Corban Technology Solutions Journal

Cybersecurity

and Patient Safety

Posted on June 6th 2017

With the WannaCry ransomware attack fresh on our minds, a new report has just been published by the US Department of Health and Human Services, (HHS) Cyber Security Task Force on improving cybersecurity across the health care industry.

Although it presents recommendations that are well worth reading, what is particularly striking about this report is the focus it has on cyber security and patient safety. The task force producing the report writes that it reflects “a shared understanding that for the health care industry, cyber security issues are, at their heart, patient safety issues.” Further to this, they write, “As health care becomes increasingly dependent on information technology, our ability to protect our systems will have an ever greater impact on the health of the patients we serve”.

The BMJ editorial cites risks incurred through “the extremely fragmented governance of cybersecurity in the NHS”, and that this was a core issue “underpinning the recent attack, and affects healthcare more profoundly than other critical sectors such as financial services, energy or central government”. If this sounds familiar, it is because these issues can be found across many countries, including Canada. And while a considerable amount of effort is being undertaken to support privacy and cybersecurity best practices across Health Authority hospitals and health care institutions here in British Columbia, there is much to be done to provide the same level of support in physician offices and dental clinics.

Cybersecurity risks to networked medical devices and connected IT networks cited in the HHS report which can impact patient safety include:

These risks impact confidentiality, integrity, and availability of health care information in varying degrees, and in different ways. As do, the HSS report cites, risks arising from the complex mix of applications, programs and interfaces from a variety of vendors supporting Electronic Health Records (EHRs). But, according to the HSS report, they all have a direct effect on patient safety.

This raises some important questions.

When it comes to managing health care information, are clinics doing enough to protect patient safety? And if more must be done, how can clinicians be better supported, so that their patients are not put at risk?

We will be writing more about recommended privacy and cybersecurity best practices for health care clinics here in western Canada. In the meantime, there is much you can do already. When you have a moment, check out our growing collection of posts on Best Practices.